On Thu, Aug 11, 2016 at 9:42 AM, Stéphane Laurière <slauri...@ubimix.com> wrote: > Hi all, > > I have a question about case sensitivity of usernames in the context of an > LDAP authentication. As far as I understand, LDAP directories are mostly > case insensitive (reference: 'A note about case sensitivity in LDAP' [1]). > XWiki usernames, however, are case sensitive. In order to avoid any > ambiguity with usernames, we are considering to use only lowercase > usernames. Is there a way to force XWiki to use the username as it is stored > in the LDAP directory, case-wise? > > The need seems to be marked as fixed at [2]. However, when doing tests with > OpenLDAP, I notice the following (with XWiki 6.4.2): > > - Context: a user with uid 'aliddell' is present in the LDAP directory. > - Logging in with username 'ALIDDELL' succeeds and a user 'XWiki.ALIDDELL' > gets created (while we'd like to get 'XWiki.aliddell').
> - Subsequent logins with other cases get bound to the existing login > 'XWiki.ALIDDELL'. This is what http://jira.xwiki.org/browse/XWIKI-238 is about: knowning that ALIDDELL and aliddell is the same thing so don't create a new user. This is done using an LDAP related object which contains the reference lower case LDAP uid. But the XWiki user is created based on the first login (assuming that what the user is mostly going to use). > > I understand that we may rewrite the username in JavaScript but that would > work only with form-based auth. Should we write our own LDAPAuthService to > meet the need ? Or would you have other suggestions? The easiest in 6.4.2 would be to write your own authenticator class which extends XWikiLDAPAuthServiceImpl and just overwrite XWikiLDAPAuthServiceImpl#getValidXWikiUserName with something like super.getValidXWikiUserName(name).toLowerCase(). For 7.4+ versions don't hesitate add new improvement issue in http://jira.xwiki.org/browse/LDAP. I guess we could create the XWiki user name based on the actual uid found in the LDAP server, would require a bit of refactoring but it should be doable. > > [1] http://www.zytrax.com/books/ldap/ch2/ > [2] http://jira.xwiki.org/browse/XWIKI-238 > > Thanks a lot, > > Kind regards, > > Stéphane > > -- > Stéphane Laurière > CTO OW2 www.ow2.org > +33 645 816 202 @slauriere > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
